Question
For each CIA concept below, classify each example as having a low, moderate, or high level of impact on organizations or individuals. Justify your classifications.

a. Confidentiality: Student enrollment information; Student grade information; Student directories (name, address, telephone).

b. Integrity: An anonymous online poll; A hospital patient's allergy information stored in a database; A Web site that offers a forum to registered users to discuss some specific topic.

c. Availability: A public Web site for a university; An online telephone directory lookup application; A system that provides authentication services for critical systems, applications, and devices.

Three levels of impact on organizations or individuals, should there be a breach of security (i.e., a loss of confidentiality, integrity, or availability), are defined in FIPS PUB 199 [1]:

Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might (i) cause a degradation in mission capacity to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; or (iii) result in minor harm to individuals.

Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss might (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.

High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss might (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious, life-threatening injuries.

[1] The National Institute of Standards and Technology (NIST) has produced a large number of Federal Information Processing Standards Publications (FIPS PUBs), including FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems). FIPS PUB 199 provides a useful characterization of the three security objectives (the CIA triad) in terms of requirements and the definition of a loss of security in each category (confidentiality, integrity, availability).